Refactors the Passkey implementation to include more checks and a structure that is more aligned with the official specification.
Notable changes:
- _BrowserService_ no longer does the checks by itself. A new class _BrowserPasskeysClient_ constructs the relevant objects, acting as a client. _BrowserService_ only acts as a bridge between the client and _BrowserPasskeys_ (authenticator) and calls the relevant popups for user interaction.
- A new helper class _PasskeyUtils_ includes the actual checks and parses the objects.
- _BrowserPasskeys_ is pretty much intact, but some functions have been moved to PasskeyUtils.
- Fixes Ed25519 encoding in _BrowserCBOR_.
- Adds new error messages.
- User confirmation for Passkey retrieval is also asked even if `discouraged` is used. This goes against the specification, but currently there's no other way to verify the user.
- `cross-platform` is also accepted for compatibility. This could be removed if there's a potential issue with it.
- Extension data is now handled correctly during Authentication.
- Allowed and excluded credentials are now handled correctly.
- `KPEX_PASSKEY_GENERATED_USER_ID` is renamed to `KPEX_PASSKEY_CREDENTIAL_ID`
- Adds a new option "Allow localhost with Passkeys" to Browser Integration -> Advanced tab. By default it's not allowed to access HTTP sites, but `http://localhost` can be allowed for debugging and testing purposes for local servers.
- Add tag `Passkey` to a Passkey entry, or an entry with an imported Passkey.
Fixes #10287.
* Fix #7892 - Pressing escape when the quick unlock prompt is shown will now go back to the main unlock dialog view.
* Fix #9030 - Quick unlock will be automatically invoked in the unlock dialog upon being shown.
* Fix #9554 - Quick unlock application setting will be updated every time the settings widget is shown instead of just on first launch.
* Show warning that quick unlock is not enabled if user cancels Windows Hello prompt. This should limit people thinking there is a security issue. Also improve documentation describing this behavior.
* Disable quick unlock in gui tests
Fix Botan 3 build (#9388)
* SymmetricCipher: Fix Botan 3 build
Botan commit 819cf8fe6278a19b8266f449228f02fc28a4f784 changed Botan::Cipher_Dir to be a scoped enumeration, so the users must be adapted.
This change causes no issues with Botan 2 because normal enumeration values can also be referred to the same way scoped enumeration values are accessed.
* Auto detect Botan3
* AsyncTask: Do not use `std::result_of`
`std::result_of` was deprecated in C++17 and then it was subsequently removed in C++20. One could use `std::invoke_result_t`, but let Qt figure out the return type instead.
* Collapse Botan2 and Botan3 find package into one
* Update COPYING
Enable buddy fields in group and entry edit pages
* Fixes #9060, you can now press Alt + [letter] to skip between fields on the group and entry edit pages.
* Move the expire checkbox to the right hand column and use the standard eye icon button for notes reveal. Only show notes reveal button if the hide notes setting is enabled.
Fix overflow of text in default auto-type sequence preview
* Fixes #9083
Add copy title shortcut (Ctrl + I)
* Closes #9109
Fix issues with menu actions being enabled incorrectly
Add accessibility description to password widget to explain how to hide/show passwords and open the generator
* Closes #9059
Add F6 shortcut to focus search
* Closes #9163
* Add configuration to hide TOTP in preview widget (shown by default).
* Retain the visibility of TOTP and other fields when the same entry remains selected in the preview panel.
* Fix disconnecting signals when switching entries / groups. This likely is going to fix crashes because we were compounding signals when focusing in on the main window.
* Fix #8952 - move translations for Cipher and KDF strings into evaluated code instead of globally defined code. The strings were being baked prior to the language being set resulting in only English being displayed.
The KeyCredentialManager::RequestCreateAsync call can fail because we can end up in a situation where Windows Hello is initially available but then becomes unavailable, such as during a remote desktop session. This commit prevents a crash by moving the call into the try-catch.
Fixes #7890
Also resets quick unlock if there is an unrecoverable error. This will not occur if the user merely canceled the Windows Hello dialog.
* Fix detecting AES-256/GCM cipher, fixes #8964
When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end.
* Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM)
* Disable AES-256/GCM for now in ssh keys
Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
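The three points in the AES-256/GCM commit message above (the `@openssh.com` suffix on the cipher name, an IV length that differs from the block size, and data that is aligned to 16 bytes but not to 64), as an added example that is not KeePassXC code. The struct and function names are hypothetical; the key, block and IV sizes are the standard ones for these OpenSSH ciphers, and the KDF output is constructed sample data.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical names; the sizes are the standard ones for these OpenSSH ciphers.
struct CipherParams { std::size_t keyLen, blockLen, ivLen; };

// Look up a cipher by the exact name stored in the key file.
bool lookupCipher(const std::string& name, CipherParams& out)
{
    if (name == "aes256-cbc" || name == "aes256-ctr") { out = {32, 16, 16}; return true; }
    // The GCM name carries the "@openssh.com" suffix and uses a 12-byte IV.
    if (name == "aes256-gcm@openssh.com") { out = {32, 16, 12}; return true; }
    return false;
}

struct KeyAndIv { std::vector<unsigned char> key, iv; };

// Split KDF output (key followed by IV) using the cipher's own IV length,
// not its block size.
KeyAndIv splitKeyMaterial(const std::vector<unsigned char>& kdfOut, const CipherParams& p)
{
    if (kdfOut.size() < p.keyLen + p.ivLen) throw std::invalid_argument("KDF output too short");
    const auto ivBegin = kdfOut.begin() + static_cast<std::ptrdiff_t>(p.keyLen);
    KeyAndIv r;
    r.key.assign(kdfOut.begin(), ivBegin);
    r.iv.assign(ivBegin, ivBegin + static_cast<std::ptrdiff_t>(p.ivLen));
    return r;
}

// True when dataLen is a whole multiple of the granularity a cipher asks for.
bool fitsGranularity(std::size_t dataLen, std::size_t granularity)
{
    return granularity != 0 && dataLen % granularity == 0;
}

int main()
{
    CipherParams p{};
    if (!lookupCipher("aes256-gcm@openssh.com", p)) return 1;
    std::vector<unsigned char> kdfOut(p.keyLen + p.ivLen, 0xAB); // constructed sample
    const KeyAndIv parts = splitKeyMaterial(kdfOut, p);
    std::cout << "key=" << parts.key.size() << " iv=" << parts.iv.size() << '\n';
    // A 48-byte payload is block-aligned (16) but not aligned to 64.
    std::cout << fitsGranularity(48, 16) << ' ' << fitsGranularity(48, 64) << '\n';
    return 0;
}
```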
Currently, when keepassxc is not running, the command `keepassxc --lock` opens a new keepass window and blocks until the window is closed.
Especially in locking scripts this is rather unexpected and I can't think of a case where someone explicitly starts keepass with --lock and wants this behaviour.
Rather, --lock should always ensure that there are no unlocked instances and exit afterwards.